Breach of the data protection peace

With the ICO rarely fining for breaches of the Data Protection Act, are businesses breaking rules as they can get away with it or is the ICO bringing about some other type of corporate telling off?

You don't have to read too far into the Information Commissioner's Office (ICO) website to find its mission statement. The ICO has been established to "Uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals."

Lone justice?

With this declaration in mind, one might naturally question the statistics pertaining to recent judiciary actions carried out by the ICO. Reports earlier this year highlighted the fact just 36 out of 2,565 data breaches were acted upon by the ICO, with only four cases resulting in monetary fines.

Security vendors from far and wide have used this apparent' shortfall in regulatory discipline as a platform for reinforcing the effectiveness of their data protection products. So as the Data Protection Act (DPA) and issues relating to information compliance gain an ever-greater number of column inches, is it time to question whether we are at an industry tipping point and about to fall?

Is it time to question whether we are at an industry tipping point and about to fall?

"The reports noting that just one per cent of data breaches have been fined by the ICO risk undermining its power to force companies to take their internal security measures seriously," said Nigel Hawthorn, vice president of EMEA marketing for Blue Coat Systems.

"When the ICO increased the maximum fine tenfold from 50,000 to half a million pounds last year, this should have sent a clear message to the market that companies needed to get their house in order. But why bother sharpening the ICO's teeth if they are not prepared to bite?"

Industry opinion appears to lay part of the blame for compliance issues on the proliferation of devices and flexibility of new work practices. Both of these factors are further fuelled by the consumerisation of IT, which makes it increasingly difficult for companies to protect data and increasingly easy to lose it.

Matthew Tomlinson, a board director at secure network specialist Secure Data, said we will see an increase in audits and fines from the ICO over the coming years, but companies really need to take responsibility for data protection and start policing themselves.

"In practice it is unrealistic for the ICO to audit every company; they do not have the resources or the capacity," he said.

"However, we are seeing larger corporations already beginning to police themselves due, foremost, to the fear of public backlash if they were to have a major data breach. You only have to look at the recent Sony data breach to see the public affect it has on the company."

Featured Resources

Preparing for AI-enabled cyber attacks

MIT technology review insights

Download now

Cloud storage performance analysis

Storage performance and value of the IONOS cloud Compute Engine

Download now

The Forrester Wave: Top security analytics platforms

The 11 providers that matter most and how they stack up

Download now

Harness data to reinvent your organisation

Build a data strategy for the next wave of cloud innovation

Download now

Recommended

The best 4G network
Mobile

The best 4G network

28 Sep 2020

Most Popular

UK gov considers blocking Nvidia's takeover of Arm
Acquisition

UK gov considers blocking Nvidia's takeover of Arm

4 Aug 2021
RMIT to be first Australian university to implement AWS supercomputing facility
high-performance computing (HPC)

RMIT to be first Australian university to implement AWS supercomputing facility

28 Jul 2021
Tesla Megapack goes up in flames at Australian battery site
Hardware

Tesla Megapack goes up in flames at Australian battery site

30 Jul 2021